From ca4c9f229aa46d7983302323d7468cabde55995c Mon Sep 17 00:00:00 2001
From: Alice Frosi <afrosi@redhat.com>
Date: Wed, 21 Dec 2022 12:01:39 +0100
Subject: Create bpf_dbg program to disassemble BPF filters

The bpf_dbg binary prints the instructions included in the BPF filter.
This is particurarly useful for debugging and verifing the generated
filter. E.g:
  ./bpf_dbg test.bpf
  Read 7 entries
  l0:	ld [4]
  l1:	jeq #0xc000003e, l2, l5
  l2:	ld [0]
  l3:	jeq #0x2a, l4, l5
  l4:	ja 5
  l5:	ret #0x7fff0000
  l6:	ret #0x7fc00000

Signed-off-by: Alice Frosi <afrosi@redhat.com>
---
 bpf_dbg.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 bpf_dbg.c

(limited to 'bpf_dbg.c')

diff --git a/bpf_dbg.c b/bpf_dbg.c
new file mode 100644
index 0000000..2f109b1
--- /dev/null
+++ b/bpf_dbg.c
@@ -0,0 +1,27 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <linux/filter.h>
+#include <unistd.h>
+
+#include "disasm.h"
+
+int main(int argc, char **argv)
+{
+	struct sock_filter *filter;
+	size_t fd, n;
+
+	if (argc < 2) {
+		perror("missing input file");
+		exit(EXIT_FAILURE);
+	}
+	filter = calloc(SIZE_FILTER, sizeof(struct sock_filter));
+	fd = open(argv[1], O_CLOEXEC | O_RDONLY);
+
+	n = read(fd, filter, sizeof(struct sock_filter) * SIZE_FILTER);
+	close(fd);
+	printf("Read %ld entries\n", n / sizeof(struct sock_filter));
+	bpf_disasm_all(filter, n / sizeof(struct sock_filter));
+	free(filter);
+	return 0;
+}
-- 
cgit v1.2.3